diff --git a/docs/src/main/sphinx/security/ldap.rst b/docs/src/main/sphinx/security/ldap.rst index 369e9069de44..02bbf314960b 100644 --- a/docs/src/main/sphinx/security/ldap.rst +++ b/docs/src/main/sphinx/security/ldap.rst @@ -74,14 +74,14 @@ Property Description Password authenticator configuration ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Password authentication needs to be configured to use LDAP. Create an +Password authentication must be configured to use LDAP. Create an ``etc/password-authenticator.properties`` file on the coordinator. Example: .. code-block:: text password-authenticator.name=ldap ldap.url=ldaps://ldap-server:636 - ldap.ssl.truststore.path=/path/to/ldap_server.crt + ldap.ssl.truststore.path=/path/to/ldap_server.pem ldap.user-bind-pattern= ================================== ====================================================== @@ -93,10 +93,12 @@ Property Description ``ldap.allow-insecure=true``. ``ldap.allow-insecure`` Allow using an LDAP connection that is not secured with TLS. -``ldap.ssl.keystore.path`` Path to the PEM or JKS key store. +``ldap.ssl.keystore.path`` The path to the :doc:`PEM ` + or :doc:`JKS ` keystore file. ``ldap.ssl.keystore.password`` Password for the key store. -``ldap.ssl.truststore.path`` Path to the PEM or JKS trust store. -``ldap.ssl.truststore.password`` Password for the trust store. +``ldap.ssl.truststore.path`` The path to the :doc:`PEM ` + or :doc:`JKS ` keystore file. +``ldap.ssl.truststore.password`` Password for the truststore. ``ldap.user-bind-pattern`` This property can be used to specify the LDAP user bind string for password authentication. This property must contain the pattern ``${USER}``, which is diff --git a/docs/src/main/sphinx/security/tls.rst b/docs/src/main/sphinx/security/tls.rst index f4df47a3a247..7a7f4e390fe4 100644 --- a/docs/src/main/sphinx/security/tls.rst +++ b/docs/src/main/sphinx/security/tls.rst 
@@ -165,6 +165,8 @@ Keys and certificates Trino can read certificates and private keys encoded in PEM encoded PKCS #1, PEM encoded PKCS #8, PKCS #12, and the legacy Java KeyStore (JKS) format. +Certificates and private keys encoded in a binary format such as DER must be +converted. Make sure you obtain a certificate that is validated by a recognized :ref:`certificate authority `.
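Review bot: In the ldap.rst property table hunk (@@ -93,10 +93,12), the new description for ``ldap.ssl.truststore.path`` reads "or :doc:`JKS ` keystore file", which looks copied from the ``ldap.ssl.keystore.path`` row above it; it should say "truststore file", otherwise readers may point both properties at the file holding the client key. The same hunk also changes "trust store" to "truststore" in the ``ldap.ssl.truststore.password`` row but leaves "Password for the key store." unchanged on ``ldap.ssl.keystore.password``, so the two password rows now use different spellings; suggest "Password for the keystore." for consistency.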
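Review bot: In the tls.rst hunk (@@ -165,6 +165,8), the added sentence ends at "must be converted." without saying what to convert to. Suggest naming the target, for example "must be converted to one of the supported formats listed above", so that a reader holding a DER file knows that PEM, PKCS #12 or JKS is the expected result. If the docs already have a section describing the conversion, a cross-reference from this sentence would help as well.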